Reading notes for Code Fellows!
Access control is a key security technique used to regulate who or what can view or use a given resource. It has two parts: authentication (establishing who the user is) and authorization (deciding what that user may do, based on the roles they have been assigned within the system).
An education app would need an access control system that lets users sign in as a student, a teacher's assistant, an instructor or an administrator, depending on why and how they use the app, with each role seeing and doing only what that kind of user needs.
In an access control system, roles define which resources or data are available to particular users. Roles protect sensitive data and ensure that employees, students or other users can only access the information, and perform the actions, they need to do their jobs or carry out their functions (the principle of least privilege).
Systems or organizations that use role-based access control can easily change, add or remove roles, and a change to a role applies to every user holding it. There are no exception cases: each user is assigned to an existing role rather than being given an individual set of permissions, which reduces the chance of giving a user the wrong permissions.
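A small role-based access control model for the education app described above, as an added example (it is not code from the reading notes or from Code Fellows). The role names (student, ta, instructor, admin), the capability strings and the user names are all constructed for the illustration. It shows the three points made above: roles map to capabilities, a user can only be placed in a role that already exists, and changing or removing a role affects every user holding it.

```python
"""
Minimal role-based access control (RBAC) for an education app.

Added illustration, not code from the reading notes. Role names, capability
strings ('action:resource') and user names are constructed for the example.
"""
from typing import Dict, Iterable, Set


class Rbac:
    """Roles map to sets of capabilities; each user maps to exactly one existing role."""

    def __init__(self) -> None:
        self.roles: Dict[str, Set[str]] = {}
        self.assignments: Dict[str, str] = {}

    # ---- role management: roles can be added, changed and removed ----
    def add_role(self, role: str, capabilities: Iterable[str] = ()) -> None:
        if role in self.roles:
            raise ValueError(f"role already exists: {role}")
        self.roles[role] = set(capabilities)

    def remove_role(self, role: str) -> None:
        # Removing a role also un-assigns every user holding it, so nobody is left
        # pointing at a role that no longer exists; they are denied until reassigned.
        if role not in self.roles:
            raise KeyError(f"unknown role: {role}")
        del self.roles[role]
        for user in [u for u, r in self.assignments.items() if r == role]:
            del self.assignments[user]

    def grant(self, role: str, capability: str) -> None:
        # Changing the role changes what every user in that role may do, at once.
        self.roles[role].add(capability)

    def revoke(self, role: str, capability: str) -> None:
        self.roles[role].discard(capability)

    # ---- user assignment ----
    def assign(self, user: str, role: str) -> None:
        # No exception cases: a user can only be put into a role that already
        # exists, never handed an ad-hoc permission set of their own.
        if role not in self.roles:
            raise ValueError(f"unknown role: {role}")
        self.assignments[user] = role

    # ---- the authorization check ----
    def is_authorized(self, user: str, action: str, resource: str) -> bool:
        # Deny by default: an unknown or unassigned user, or a role that lacks
        # the capability, all fall through to False.
        role = self.assignments.get(user)
        if role is None:
            return False
        return f"{action}:{resource}" in self.roles.get(role, set())


def build_education_app() -> Rbac:
    """Constructed role set for the education app (assumed, not from the notes)."""
    rbac = Rbac()
    student = {"read:assignments", "submit:assignment", "read:own_grades"}
    ta = student | {"read:submissions", "grade:assignment"}
    instructor = ta | {"create:assignment", "publish:grades"}
    # The administrator manages accounts and roles but does not grade students:
    # administrative power is not the same as academic access.
    admin = {"manage:users", "manage:roles"}
    rbac.add_role("student", student)
    rbac.add_role("ta", ta)
    rbac.add_role("instructor", instructor)
    rbac.add_role("admin", admin)
    return rbac


def demo() -> Dict[str, bool]:
    """Run a set of checks and return each result keyed by a description."""
    rbac = build_education_app()
    for user, role in [("alice", "student"), ("bob", "ta"),
                       ("carol", "instructor"), ("dave", "admin")]:
        rbac.assign(user, role)

    results = {
        "student can submit": rbac.is_authorized("alice", "submit", "assignment"),
        "student cannot grade": not rbac.is_authorized("alice", "grade", "assignment"),
        "ta can grade": rbac.is_authorized("bob", "grade", "assignment"),
        "ta cannot publish": not rbac.is_authorized("bob", "publish", "grades"),
        "instructor can publish": rbac.is_authorized("carol", "publish", "grades"),
        "admin manages users": rbac.is_authorized("dave", "manage", "users"),
        "admin cannot grade": not rbac.is_authorized("dave", "grade", "assignment"),
        "unknown user denied": not rbac.is_authorized("mallory", "read", "assignments"),
    }

    # A role that does not exist is rejected rather than silently created.
    try:
        rbac.assign("eve", "superuser")
        results["undefined role rejected"] = False
    except ValueError:
        results["undefined role rejected"] = True

    # Changing a role updates every holder; removing it denies former holders.
    rbac.revoke("student", "submit:assignment")
    results["revoke hits all students"] = not rbac.is_authorized("alice", "submit", "assignment")
    rbac.remove_role("ta")
    results["removed role denies"] = not rbac.is_authorized("bob", "grade", "assignment")
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

The check is deny-by-default on purpose: anything the model does not know about (a user with no role, a role with no such capability) is refused, so a mistake in configuration fails closed rather than open.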
| Vocabulary Term | Definition |
| --- | --- |
| Authorization | The function of specifying access privileges to resources; the part of access control that decides what an already-authenticated user may do. (Wikipedia) |
| Role-Based Access Control | An approach to restricting system access to authorized users, designed around a mechanism of defined roles and privileges. (Wikipedia) |
| Capabilities | Capabilities are typically implemented as a privileged data structure consisting of sections that specify access rights and sections that uniquely identify the objects to be accessed. In RBAC, which capabilities a user holds is usually determined by the user's role. (Wikipedia) |